REDHAT-BUG-787104
First published: Fri Feb 03 2012(Updated: )
Juraj Somorovsky reported that certain XML parsers/servers are affected by the same, or similar, flaw as the hash table collisions CPU usage denial of service. Sending a specially crafted message to an XML service can result in longer processing time, which could lead to a denial of service. It is reported that this attack on XML can be applied on different XML nodes (such as entities, element attributes, namespaces, various elements in the XML security, etc.). xerces-j2 is written in Java and makes significant use of arrays.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Xalan-Java |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-787104?
The severity of REDHAT-BUG-787104 is categorized as denial of service due to increased CPU usage caused by hash table collisions.
How do I fix REDHAT-BUG-787104?
To fix REDHAT-BUG-787104, you should update to the latest version of Apache Xerces-J where the vulnerability is resolved.
What are the potential impacts of REDHAT-BUG-787104?
The potential impacts of REDHAT-BUG-787104 include degraded performance and service interruption due to increased CPU usage.
Which software is affected by REDHAT-BUG-787104?
The software affected by REDHAT-BUG-787104 includes Apache Xerces-J.
Who reported the REDHAT-BUG-787104 vulnerability?
The vulnerability REDHAT-BUG-787104 was reported by Juraj Somorovsky.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-0881
- agent/references
- agent/severity
- agent/last-modified-date
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache xalan-java